Does no one have any ideas about this? This topic would be very important to me. Because it is already a bit annoying.

Can you provide any example of this issue?

What would you like to have with it? It's like I described: I open the web interface of my switch on day 1 for example and it comes up with the standard query if I trust this website "Warning: Potential Security Risk Ahead". I click on "Advanced..." and then on "Accept the Risk and Continue". On the second day 2 when I go back to the web interface of the switch the same message appears again.

Does it happen for every website? If not, can you provide an exemplary domain address?

It happens with every page...

Is there an Advanced... button? Can you click it and paste here the certificate?

Is there an Advanced... button? Can you click it and paste here the certificate?

Attached are two screenshots of the certificate and the warning. Is that enough for you

There should be also Download (string) link below. Try to click it and paste here the output.

There should be also Download (string) link below. Try to click it and paste here the output.

Attached here is this issue:

https://mamt-nas01/redirect.html?count=0.07759302844965466

Der Zertifikat-Aussteller der Gegenstelle wurde nicht erkannt.

HTTP Strict Transport Security: false HTTP Public Key Pinning: false

Zertifikatskette:

If you click the blue SEC_ERROR_UNKNOWN_ISSUER link then Firefox should show the base64 encoded certificate data and copy this data to the clipboard.

I have just posted.

The screenshot shows a QNAP NAS certificate that you would expect to be used for connecting to a NAS and not for accessing internet.

This is also a local access, so no access via the Internet to the device. The strange thing is that I get this error message every time I connect to this NAS.

The strange thing is that I get this error message every time I connect to this NAS.

Does Firefox forget if you simply close and re-open that tab, or only when you exit/restart Firefox and try again in the new session?

Firefox may remember exceptions only for the current session if you either

(A) use private windows -- site-specific information is not persisted to disk

(B) modified the value of security.certerrors.permanentOverride to false in about:config (but this is very uncommon unless you used a hardening list)

I am really pleased how many are concerned with my problem. Thank you!

Does Firefox forget if you simply close and re-open that tab, or only when you exit/restart Firefox and try again in the new session?

This is an interesting question: when I click on "Accept risk and continue", it doesn't matter for some time whether I restart Firefox (with about:profiles -> Restart Normal) or close the tab and open it again. There is no warning anymore. After a few hours I get this warning again.

Firefox may remember exceptions only for the current session if you either (A) use private windows -- site-specific information is not persisted to disk

In this context, I am not concerned with private windows. I open these web pages normally.

(B) modified the value of security.certerrors.permanentOverride to false in about:config (but this is very uncommon unless you used a hardening list)

I have not changed this setting and it is set to true.

I am really pleased how many are concerned with my problem. Thank you!

jscher2000 - Support Volunteer schrieb

Does Firefox forget if you simply close and re-open that tab, or only when you exit/restart Firefox and try again in the new session?

This is an interesting question: when I click on "Accept risk and continue", it doesn't matter for some time whether I restart Firefox (with about:profiles -> Restart Normal) or close the tab and open it again. There is no warning anymore. After a few hours I get this warning again.

After a few hours... Unless your server generated a new certificate, it's hard to understand what would be changing in a few hours.

Or could there be any process on your system that removes/replaces the cert9.db file in your profile folder which stores exceptions? (Profiles - Where Firefox stores your bookmarks, passwords and other user data)

After a few hours... Unless your server generated a new certificate, it's hard to understand what would be changing in a few hours.

I will wait a few hours and revisit the same QNAP NAS and post the certificate string here. Maybe this will change.

Or could there be any process on your system that removes/replaces the cert9.db file in your profile folder which stores exceptions? (Profiles - Where Firefox stores your bookmarks, passwords and other user data)

I don't know. Maybe it's because of my anti-virus program ESET? Maybe it changes the cert9.db?

First Try:

   https://mamt-nas01/redirect.html?count=0.8902489143157176
   Der Zertifikat-Aussteller der Gegenstelle wurde nicht erkannt.
   HTTP Strict Transport Security: false
   HTTP Public Key Pinning: false
   Zertifikatskette:
   -----BEGIN CERTIFICATE-----
   MIIDvTCCAqWgAwIBAgIQDPAS73CEOWQA8UC3FQIoQjANBgkqhkiG9w0BAQsFADBH
   MUUwQwYDVQQDDDxUaGUgb3JpZ2luYWwgY2VydGlmaWNhdGUgcHJvdmlkZWQgYnkg
   dGhlIHNlcnZlciBpcyB1bnRydXN0ZWQwHhcNMTYwMzExMTA0NTI3WhcNMjYwMzA5
   MTA0NTI3WjCBjjELMAkGA1UEBhMCVFcxDzANBgNVBAgTBlRhaXBlaTEPMA0GA1UE
   BxMGVGFpcGVpMRswGQYDVQQKExJRTkFQIFN5c3RlbXMsIEluYy4xDDAKBgNVBAsT
   A1FUUzERMA8GA1UEAxMIUU5BUCBOQVMxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
   cW5hcC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyPxLm7HD5
   1AiJOo6Dh2Jzi0oT328Eeriuw6Wg8g7cw/nnmU14eclP2R4QAaOHvxAFdxWLnZdx
   zrs9PykyKETxh4kZTc2k8C+Ckr6sDd5Rx5SYRV0P9vJ6o65LiXEtEin8CimymCzR
   FG/ie0cGXbtTj6qYhShEcSFNHRfKJEtk5zfGXC1yrF5o1nL9j5R4NzpEQDXGkbp5
   8YorpBIE6dTKdNvyE3BqeXhBi1FqPGkuGKgj4pciujSpTzuzeBwDQOut+uEhHthR
   3BjHqp+f9IeVKMrIYfRCt52B1b56dlKyz5ZhF/msrgcjc3YXA0h5Mm7dYuFuQ/2u
   +yJL1mHPx4vbAgMBAAGjXTBbMAsGA1UdDwQEAwIFoDAdBgNVHQ4EFgQUQsix2U9U
   9yAWqWlMoCfMy+3UcD0wHwYDVR0jBBgwFoAUQsix2U9U9yAWqWlMoCfMy+3UcD0w
   DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAb/H0ZYKL9rDHx8Rl+3YM
   hSRGrD/JA7NjIOYUbgC7v9Gsu2TJPIfuUBFN60803Y8ff2quUk4z0DaCrCAFIZXw
   GezQKMo2WPEoLO0ehblpktnJAM6KkkcCoybpjky9JfwX+OXWPAlpIK7dToYKI09W
   PpuRHZtBjB8qwONReeuLe+RLLfGYPBK/ralsWiiLGgmEmTzR/D3DXASjS58L2jH5
   j3PV/jq5xUCH8cRHIck6ATKGwvGyjHQECeQbsLkN0qETPEgyrHnKYGIcCgY2ryzy
   LHhpa4qIPp2RBObvZgkUdIjZNY8iGzr0D/ntFAAuRUdePgjDlYMw55WYVgW904++
   Dg==
   -----END CERTIFICATE-----

Second Try:

   https://mamt-nas01/redirect.html?count=0.9115867796392408

   Der Zertifikat-Aussteller der Gegenstelle wurde nicht erkannt.

   HTTP Strict Transport Security: false
   HTTP Public Key Pinning: false

   Zertifikatskette:

   -----BEGIN CERTIFICATE-----
   MIIDvTCCAqWgAwIBAgIQKWekz/bt5gfj2QhzfHh6nzANBgkqhkiG9w0BAQsFADBH
   MUUwQwYDVQQDDDxUaGUgb3JpZ2luYWwgY2VydGlmaWNhdGUgcHJvdmlkZWQgYnkg
   dGhlIHNlcnZlciBpcyB1bnRydXN0ZWQwHhcNMTYwMzExMTA0NTI3WhcNMjYwMzA5
   MTA0NTI3WjCBjjELMAkGA1UEBhMCVFcxDzANBgNVBAgTBlRhaXBlaTEPMA0GA1UE
   BxMGVGFpcGVpMRswGQYDVQQKExJRTkFQIFN5c3RlbXMsIEluYy4xDDAKBgNVBAsT
   A1FUUzERMA8GA1UEAxMIUU5BUCBOQVMxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
   cW5hcC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyPxLm7HD5
   1AiJOo6Dh2Jzi0oT328Eeriuw6Wg8g7cw/nnmU14eclP2R4QAaOHvxAFdxWLnZdx
   zrs9PykyKETxh4kZTc2k8C+Ckr6sDd5Rx5SYRV0P9vJ6o65LiXEtEin8CimymCzR
   FG/ie0cGXbtTj6qYhShEcSFNHRfKJEtk5zfGXC1yrF5o1nL9j5R4NzpEQDXGkbp5
   8YorpBIE6dTKdNvyE3BqeXhBi1FqPGkuGKgj4pciujSpTzuzeBwDQOut+uEhHthR
   3BjHqp+f9IeVKMrIYfRCt52B1b56dlKyz5ZhF/msrgcjc3YXA0h5Mm7dYuFuQ/2u
   +yJL1mHPx4vbAgMBAAGjXTBbMAsGA1UdDwQEAwIFoDAdBgNVHQ4EFgQUQsix2U9U
   9yAWqWlMoCfMy+3UcD0wHwYDVR0jBBgwFoAUQsix2U9U9yAWqWlMoCfMy+3UcD0w
   DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAJcIpQEPiTpMKzwaBtZRz
   AdSDN30dD+/TJiGlZ+0GXj1UY+U2IDO8Yv5Zx0Tq4l6dkmaHZ3KbqAa39SGn4zpp
   MLbiUAkVG98YnfZHd2lMq6WeFm1zAhpQmP9kHWl0anaB+wkQxDykAe8OlB9QvV2O
   KhzB9upU4o+e8ojfEXPa75m6I70BmDBiVT5iqwYxiQWMblrccV+lj4EZxnt9vnAe
   YnTxBxdETz01eB2xSaiy08JnUGfteuthu3D/6b4KWXGPzwcmewybbinIy4zhNR1y
   Omltmr/t1Ta3ZJeQA6nlCIFQJZeeAtNZB26CDGnICN4vvIKH11ZRKJrxW/5vfzeW
   Jg==
   -----END CERTIFICATE-----

As you can see, the server's certificate keeps changing. Every few hours. What could be the cause of this?

Perhaps new certificates are generated regularly by the device or by an intermediary server representing itself as the device. ??

Two things I notice about the cert after decoding:

(1) "Issuer: CN = The original certificate provided by the server is untrusted"

I think that is provided by the server and is not a judgment issued by Firefox?

(2) The Subject Alt Name (SAN) field is blank.

More recent versions of Firefox require the server name to be in this field.

But setting those aside, the fact that the certificate keeps changing would still be a problem when you need to make an exception.

Have you checked for firmware updates? https://www.qnap.com/de-de/download

Go to menu ≡ -> Settings and check your Proxy settings. It should be set to No proxy.